If I managed to get spyware onto a famous person's comp

36 Replies - 2077 Views - Last Post: 23 February 2010 - 09:05 PM

What would happen?

Posted 20 February 2010 - 10:42 PM

What would happen if I managed to get spyware onto a famous person's comp, and then got caught?

Suppose I somehow(in disguise) tricked Alexander Ovechkin into downloading and running one of my programs. Then, I used it to secretly take pictures of him and got them sent to me, and I also keylogged his twitter password. But since I'm a noob, some code in the program caused it to crash one day - one thing led to another, and he tracked down my program. Would he call the police?

Suppose Ovechkin got some tech ppl to look at my program - and since I'm a noob and digitally signed it with my main machine, will they like find out my ip address and look me up in the phone book and find out my name and home address?
In other words, by digitally signing my program with my own comp, am I risking sensitive info?

How will the US security ppl get to me? Would FBI agents in black suits come knocking on my door and ask for me? Would US people catch me on my way to school(I walk to school)? Will they call me and summon me to a police station? Will there be like 10 helicopters and like 50 police cars surrounding my house? Ouuu, exciting

NOTE: I'm not explicitly talking about making/using malware, I am just wondering about the consequences. Just the consequences.

This post has been edited by LeisureProgrammer: 21 February 2010 - 10:12 AM

Re: What would happen?

Posted 20 February 2010 - 10:54 PM

POPULAR

LeisureProgrammer, on 20 February 2010 - 11:42 PM, said:

How will the US security ppl get to me?

Generally speaking the FBI does not get involved until a specified dollar amount is met. I want to say this was (years ago) $10,000 worth of damage. Supposing that said individual was willing to pay to have the software reverse engineered to find you, then maybe they would take on the project. That being said, tracking you would involve how the spyware was contracted. If you it was delivered directly from your home computer your ISP would have logs showing the transfer of the data. You've already signed an agreement when you signed up for their service where they state they will comply with any or all law enforcements involving public & personal data. On the flip side, if it was not downloaded directly from you, then the hunt would become more difficult, but again all internet traffic is logged at the ISP level, so if you uploaded a file to some webserver, & then it was downloaded to the celebratory from there the logs would still be traceable, but would just take longer.

LeisureProgrammer, on 20 February 2010 - 11:42 PM, said:

In other words, by digitally signing my program with my own comp, am I risking sensitive info?

The traffic alone would enough to convict you.

LeisureProgrammer, on 20 February 2010 - 11:42 PM, said:

Will there be like 10 helicopters and like 50 police cars surrounding my house?

Most likely something as small as this, a warrant for your arrest would be issued. Your activity (in real life, not on the internet) may be tracked, & if you were not picked up in a traffic stop or other violation then they would pick you up at work or school. Someplace nice & public so there would be lots of witnesses if you resisted arrest.

On a side note, why don't you stop begin such a shit head & give up working on Malware. This is like your umpteen millionth post either asking a question related to Malware practices, or Malware code. I'm starting to really not like you, & hope that you get caught doing something naughty that I'm almost certin by now that you are up to.

Re: What would happen?

Posted 21 February 2010 - 01:49 AM

no2pencil, on 20 February 2010 - 10:54 PM, said:

...but again all internet traffic is logged at the ISP level, so if you uploaded a file to some webserver, & then it was downloaded to the celebratory from there the logs would still be traceable, but would just take longer...

Of course that's why you would then use proxies that don't take logs. You would have to search every ISP in existence and pray they even have records of someone accessing that proxy.

Even better yet, what if you threw it up there from some random public wifi or unsecured wifi? That would make you really anonymous. It sure is much easier to hide yourself today than it was back when you actually plugged yourself into phones. Get real, being randomly tackled and arrested by FBI agents is something that really only happens in Hackers. Most real world hackers do nothing more than make computer life difficult for others.

So, who's going to stop you? Well, there's lots of people who have made it their business (literally) to keep your parasites out of their machines! You're not going to fool anyone with a tiny disclaimer at the end of your post. It's the lion's den here, I wouldn't go wagging slabs of raw meat in front of what are most likely an army of IT security experts if I were you.

It's a good thing you're "only wondering", it sounds like you couldn't even phish passwords out of my grandmother. You sound familiar too, like that one person who went around bothering people for servers to set up spam mail servers with. Paranoid accusations aside, you should spend the energy to build things on computers that help people and not hurt them.

Re: What would happen?

Posted 21 February 2010 - 02:45 AM

No idea, but I doubt that a russian hockey player is going to call the FBI to arrest some canadian. he'll probably just assume you want to blackmail him for the vodka or an autographed hockey puck, unless you're getting daily pictures of him doing lines of coke off the space bar.

you know, thinking about it, here's a fun possibility: you put the spyware on the computer and then upload it somewhere where anybody can access the pictures (eg, 4chan). if you do the virus right he won't know how or when it was installed, and if you can do that, there's no way for him to find out who you are by where the pictures are going- because they're going everywhere.

Re: What would happen?

Don't ISP's only keep logs for up to 42 hours? If you use the program once and then shutdown the transmission part and nothing is sent for 2 days then your activity would be out of the logs...

the problem is when they reverse engineer the program and find where it sends it's data; that is, unless you make it so that it only sends back to whoever connects or taps into the program. Then as Wolfy said you can hit up a WiFi hotspot...preferably outside of your city.

Also you could spoof your MAC address and DBAN(Dan's boot and nuke) your machine if you thought that someone was onto you.

Why would you even wonder about this. Of course 50 cops wont go to arrest you. That many wouldn't even go to arrest murderers let alone cyber criminals. How many police did it take to arrest Kevin Mitnik? He was a real cracker.

Re: What would happen?

Posted 21 February 2010 - 09:56 AM

You know maybe Alexander Ovechkin discovers what you have done, and maybe rather than going to the police he bring the matter to the attention of some Russian Business men that maybe are interested in his career. They feel that maybe your crazy stalking might be a threat to their cash flow so they have a talk with an IBM (Italian Business Man) that they know who handles such things. This IBM knows a guy who knows a guy who used to play a little T-Ball when he was younger. And maybe this guy takes an aluminum bat mistakes your knee caps for baseballs.

Look, cyber-crimes (especially international crimes) are not well understood and perhaps there is a good deal that one could *technically* get away with. Right now jurisdiction can be an issue (for example I understand that there are many people who have warrens for their arrest in California for downloading, even though they live elsewhere in the world and will probably not know about the warrant for years to come). But just because you think that you CAN do something, does not mean that you should. Just because you think that you can't get in trouble, does not mean that a couple of thugs with tire-irons can't find a dark ally to even the score in. Just because the police don't have a law they nail you with, does not mean some lawyers can't take your computer, car, and house in court.

Even if the Police can't make a case against you for some cyber-crime, there are plenty of other laws they can bend to their will to punish you. For example your little program may be considered an invasion of privacy, or unlawful surveillance, I know that there are a host of anti-stalker laws and I am sure at least 1 applies. Then there are civil suits as well.

Maybe Alexander Ovechkin pays some professional who is not a n00b to ruin your credit, to hack and drain your bank accounts, to edit your medical records, or edit your driving history, to add warrants for speeding tickets in places you have never even heard of, to convince the MPAA you have downloaded 1000's movies...

If you play with fire long enough eventually you WILL get burned and you will probably not see it coming.

Re: What would happen?

Posted 21 February 2010 - 10:01 AM

POPULAR

Or, you post stupid shit on forums constantly asking how to create malware and it shows up in google with your name, and his name, associated with it. Then the government submits a subpoena to me asking for your IP address and I turn over every IP address you've ever used to post/register an account, etc.

Or, after being told not to post crap about malware, you continue to do so, get banned, then register a new account in violation of our own terms of service (just like all the games terms of service you want to break by cheating) and I submit harassment and abuse reports with your ISP, school, and any other IP address you've ever used to post here, as well as file restraining orders in your local jurisdiction to further prevent you from accessing our servers. Then turn over all posts to the FBI with your IP address where you even hint at creating malware or damaging others computers.

Re: What would happen?

Posted 21 February 2010 - 10:05 AM

Quote

How many police did it take to arrest Kevin Mitnik? He was a real cracker.

Truth is, Kevin Mitnik was an armature who ticked off the wrong nerd and got lots of publicity for it. I like the guy, I think he has made some fantastic social commentary and really helped open many people's eyes to just how little the public and law-makers understand the world of computers. But he was not a "real cracker" (whatever that means).

Re: What would happen?

Posted 21 February 2010 - 05:37 PM

POPULAR

See my sig. Just because you can do something with code doesn't mean you should. Programmers are responsible for writing good, solid code that should behave in an appropriate manner and act as promised by the developer. You have the rest of your life to be an asshole, why don't you take this year off?

Re: What would happen?

Posted 21 February 2010 - 05:49 PM

Or maybe your program backfires and installs itself on your computer, using the webcam and microphone to record all the naughty stuff you do with your girlfriend, no wait boyfriend, hold on- got it: yourself. It then posts it on your Facebook, Myspace and Twitter accounts along with Youtube, 56.com, Youku, and many other video sharing websites. In addition, it captures screen shots of all the really gross pr0n you watch to post with the recordings so that the whole world knows that you are a furious masturbater and what gets you going. Then, CNN, NBC, and the international media organizations find out what happened and do a whole series on why you don't write malware. When watching TV, your parents see your furious masturbation and take away your door, computer and internet connection so as to prevent you from furiously masturbating in addition to getting you into a therapist and an exorcist. Just since we're on the topic of outrageous things that are never going to happen.